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Cross -Reference to Related Applications 

10 

This application is a continuation-in-part (CIP) of co- 
pending application Serial No. 09/060,026, filed April 14, 
m 1998. This application is related to Application Serial No. 

filed October , 1998 by A. Halperin et al 

;J 15 (IBM Docket No. Y0998-287) entitled "Method and System for 

iy Preventing Counterfeiting of High Price Wholesale and Retail 

Items"; and to Application Serial No. filed 

:0 October , 1998 by A. Af zali - Ardakani et al (IBM Docket 

No. Y0998-342) entitled "Method and System for Preventing 
q 20 Parallel Marketing of Wholesale and Retail Items"; which 

ill related Applications are being filed contemporaneously with 

^ this application. The entire disclosure of each of these 

ID applications is incorporated by reference herein. Each of 

these three application is copending and commonly assigned. 
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Field of the Invention 



The present invention generally relates to 
distinguishing authentic goods from counterfeit goods and, 
30 more particularly, to a system for authenticating consumer 
goods using an electronically authenticatable device 
attached to goods. 
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Description of the Related Art 

Counterfeit or "knock-off" goods costs billions of 
dollars yearly to companies around the world in lost sales. 
5 Many counterfeited products are of inferior quality and 

therefore may tarnish the reputations of legitimate 
producers when consumers mistake the counterfeit for the 
real thing. Even if a counterfeit good is well done, the 
counterfeiter has avoided any of the expenditures in the 

10 research and development or intellectual property concerns 
incurred by or owed to the legitimate producer. Consumers 
and producers both suffer from counterfeiting through 
increased prices for legitimate merchandise and inferior 
quality of fraudulent merchandise. 

15 Complete prevention against counterfeiting is probably 

unrealistic, at least for products which are manufactured. 
Some types of counterfeiting, often of inferior quality, are 
embraced by some consumers who desire to own, but cannot 
afford, expensive goods. Also, for products which are easily 

20 duplicable with no or little quality loss, some consumers 

prefer to protect their immediate financial interest rather 
than the interest of the legitimate producers. 

Nevertheless, whether it be for the sake of honesty or 
because of quality concerns many, if not most, consumers 

25 prefer to purchase only authentic merchandise, especially 

when full price was paid. For these consumers, it is desired 
to provide a system by which the authenticity of a product 
can be confirmed to insure that what is being paid for is in 
fact the real thing. 

30 It has been widely recognized by management of 

corporations most exposed to counterfeiting, such as, for 
example, manufacturers of compact disks (CDs), videos, 
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perfumes, luxury watches, etc, that allowing the public to 
verify the authenticity of a product with a high degree of 
certainty would substantially help to mitigate damages 
incurred from counterfeiters, 
5 Many ingenious anti -counterfeit schemes have been 

devised over the years. A typical example of a system widely 
used to identify a counterfeit good involves the use of 
seals which have traditionally been used to authenticate 
documents. Variations on this theme include watermarks, such 
10 as are found on some international currencies, fine prints, 
tiny objects attached to a product or the package such as 
holograms, and so on. The efficacy of such methods has 
q dramatically decreased with the evolution of technology. Due 

v to progress in various technologies, if the customer can 

!~ 15 recognize the "seal", the counterfeiter usually can imitate 
1U it in such a way that the customer cannot detect the 

difference. For example, holographic seals verifiable by a 
=0 consumer, once difficult and expensive to reproduce, are now 

; ! : child's play with relatively inexpensive equipment. 

q 20 On the other hand, it is easy to produce seals only 

=W verifiable by the vendor. However, the cooperation of the 

,q consuming public to contact the vendor to verify the seal is 

IB a drawback. To partially overcome this difficulty, several 

manufacturers attach a serial number to each item. It has 
25 been proposed to improve on this method in U.S. Patent 

Number 4,463,250 to McNeight et al. and in U.S. Patent 
Number 5,367,148 Storch et al. For serial numbers to offer 
increased protection, these patents propose to use a serial 
number where part or all of the digits are chosen at random 
30 or generated by some secret code. The originator keeps a 
copy of all numbers so generated and the check of 
authenticity is performed by verifying that the tag of a 
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given item carries a number on the list. Such methods also 
propose some partial check using a small computer. 
Unfortunately, these methods suffer from several drawbacks. 
First, the need to contact the originator is unavoidable in 
5 the prior art. In such case, a counterfeiter may saturate 

the communication lines used for verification and make the 
process inefficient. Further, the fact that a database has 
to be kept of all purchases creates invasion of privacy 
issues for consumers. For example, if the consumer pays 
10 using a credit card, it becomes easy to attach the 

consumer's name to the product which has been bought, often 
without the consent of the consumer. Moreover, the 
q originator must keep an ever growing database and must make 

■D this database quite secure for an unforeseen amount of time. 

i B 15 Every access to the database must be secure, and one has to 
1?J make certain that no external party obtains access to the 

database. This of course becomes increasingly difficult the 
%S larger and more often the data base is accessed. Secondly, 

using a small scanner, and the help of several accomplices, 
p 20 a would be counterfeiter may copy huge lists of existing 

serial numbers if the serial numbers are visible when the 
.J product is packaged, and the public has no means by which to 

even partially authenticate the product prior to purchase if 
the serial numbers are hidden. This problem is partially due 
25 to the fact that there is not very much connection between 
the serial number and the product it corresponds to, i.e. 
the serial number does not contain enough information about 
the product. 

Another serious problem related to counterfeiting 
30 involves so called "parallel markets" . There are two 

typical scenarios. In the first, stolen new goods can be 
reintroduced in various markets as genuine new goods, this 
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is commonly referred to as the "black market" . In the 
second, sometimes referred to as the "grey market*, a 
producer sells on different markets having different pricing 
policies. An agent in a lower priced market may resell the 
5 producer' s goods to an agent in a higher priced market. In 

both cases, the producer loses, 

SUMMARY OF THE INVENTION 

10 It is therefore an object of the present invention to 

help protect legitimate vendors and the public against 
difficult to recognize counterfeits, 
p It is yet another object of the present invention to 

]0 aid law enforcement authorities in the pursuit of 

jig 15 counterfeiters and identifying illegal counterfeit goods as 

m well as goods being sold in parallel markets. 

It is yet another object of the present invention to 
:fl provide a system for authenticating goods by using 

; : : tamper-resistant and/or duplication- resistant electronic 

13 20 "tags" such as smart cards attached to goods. 

l ;W According to the invention a smart tag attached to the 

J goods contains encrypted authentication information, such as 

!B a serial number, and can further contain encrypted 

identifying information associated with the goods such as, 
25 for example, a description of the good' s physical appearance 

or chemical decomposition, its color, its routing 
information, etc. The encryption procedure comprises 
public/private key encryption with zero -knowledge protocols. 
Zero knowledge protocols allow a smart tag to be 
30 authenticatable and yet be duplication resistant by allowing 
the verifying agent to convince him/herself that the smart 
tag is authentic without revealing its authentication 
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information. 

The verification procedure can be done using a contact 
or contactless card reader equipped with the appropriate 
public key and zero -knowledge protocols to decrypt the 
5 identifying information. A printed version of the serial 

number or other authentication information may be placed on 
the goods in human readable form to quickly verify the 
information electronically read from the smart tag. With the 
present invention, only the manufacturer can create such 
10 smart tags with the associated data thus making it virtually 

impossible to pass off a counterfeit good as authentic. 



n BRIEF DESCRIPTION OF THE DRAWINGS 

1ST 

m 15 The foregoing and other objects, aspects and advantages 

\U will be better understood from the following detailed 

■jt description of a preferred embodiment of the invention with 

?o reference to the drawings, in which: 

:\ Figure 1 is a block diagram of a first embodiment of 

p 20 the present invention; 

ly Figure 2 is a sample of a possible serial number 

% q structure according to the present invention; 
ffi Figure 3 is a block diagram of a second embodiment of 

the present invention; and 
25 Figure 4 is a block diagram of an embodiment of the 

invention for identifying parallel markets. 
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DETAILED DESCRIPTION OF A PREFERRED 
EMBODIMENT OF THE INVENTION 

Referring now to the drawings, and more particularly to 
Figure 1 there is shown a block diagram of a first 
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embodiment of the present invention. A legitimate 
manufacturer 101 commands a serial number generator 102 to 
generate sequences of serial numbers. These serial numbers 
can be just consecutive numbers, or contain uncoded and/or 
5 coded information as exemplified in Figure 2. The legitimate 
manufacturer 101 also possesses private keys, 103 and 104, 
and the corresponding public keys, 109 and 110, from private 
key /public key pairs as available now in many forms. 
Public key encryption involves the use of 
10 private/public key pairs. The private key is known only to 

the manufacturer. Using a corresponding public key provided 
by the manufacturer, the consumer or law enforcement agent 
□ can verify that the encrypted version matches the serial 

{Z number. An advantage to this method is that only the 

m 15 manufacturer can produce matching pairs. The wide spread 
;!H availability of the public key does not compromise the 

security of the private key. The public key for verification 
*B can be made available on the product itself or by the 

1: 

1^ manufacturer for example over the Internet. A comprehensive 

O 20 description on the subject of private/public key pairs and 

[z zero -knowledge protocols can be found in "Handbook of 

=0 Applied Cryptography", Alfred Menezes et al., CRC Press, 

m 1997, and in "Cryptography: theory and practice", D. R. 

Stinson, CRC Press, 1995, herein incorporated by reference. 
25 Zero knowledge protocols may be used to allow a smart 

tags to be authenticatable and yet be duplication resistant 
by allowing the verifying agent to convince him/herself that 
the smart tag is authentic without the smart tag revealing 
its authentication information. Such zero knowledge 
30 protocols have been disclosed for instance in U. S. Patent 

5,140,634 to Guillou et al., U.S. Patent 4,864,110 to 
Guillou, and U.S. Patent 4,995,082 to Schnorr, all herein 
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incorporated by reference. 

Referring still to Figure 1, the serial number 
generated by generator 102 is encrypted using the private 
keys 103 and 104. The serial number and its encrypted 
5 version from 103 are communicated to printer -1 at block 105, 
while the encrypted versions from private key 104 is 
communicated to smart card writer at block 106. Printer 1 at 
block 105 prints a visible label 107 and the smart card 
writer at block 106 produces a smart card 108 containing the 
10 coded information prepared at 104. The visible label is 

attached to the product, while the smart card 108 is either 
attached to the product or simply packaged with the product. 
□ The legitimate manufacturer 101 make the public keys, 109 

and 110, accessible to the customer or law enforcement 
m 15 agents 112, for instance through a link of the Internet 
\f s World Wide Web (WWW) 111. The customer can verify 

^ authenticity in a first stage by examining the visible label 

using public key 109 or verification can be performed by the 
customer after the purchase by examining the hidden label 
O 20 using public key 110. The cashier may verify the 

authenticity of the product from the visible label in front 
of the customer with a point of sale (POS) machine 115 such 
as a cash register equipped with the appropriate public key 
and, if desired, a smart card reader. 
25 The protection coming from the smart card containing 

the serial number and the private key /public key pair 104 
and 110 can be omitted if the customer is satisfied with the 
level of authenticity verification provided by the visible 
label. Similarly, specific agents may only be interested 
30 verifying the smart card in which case the label can be 

omitted. Using the link to the WWW 111, or some other link 
to the legitimate originator, the customer may be able to 
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register the serial number of the product that has been 
purchased. After the customer initiates such initial 
contact, the manufacturer can contact the customer for 
example to relay product update information, recall 
5 information, etc. 

The label and smart card composition and data can be 
further detailed as follows for a series of serial numbers 
with reference now to Figure 3. The product information 201, 
manufacturing information 202, routing information 203, and 
10 the previous serial number in the series (or some 

initialization number at first stage) 204 are sent to the 
serial number generator 205. The serial number is sent to 

□ private key number-2 at block 206. The encrypted versions of 
;^ the serial number is sent to the smart card writer at block 
fg 15 209 which writes it on the smart card 211. The serial number 

is also sent by the serial number generator 205 to printer- 1 
at block 208, possibly in conjunction with an encrypted 
:; D version of it, encrypted using private key number 1 at block 

u 207. What is received at printer- 1 208 is printed on the 

□ 20 visible label 210. Controls are be made, using the public 
;2 keys corresponding to private key-1, and if needed private 
=0 key- 2, to verify that the label and the smart card 211 

— correspond to each other and, when private key-1 is used, 

that the readable and encoded versions of the serial number 

25 match on the visible label. Private key-1 (207) can be 

replaced by some apparatus generating a watermark or other 
alteration of the product which do not affect its quality in 
a human -perceptible way. 

The visible label will be printed by a printer linked 

30 to a computer 213. A part of the serial numbers is composed 

in successive sequences incremented by one. A part of the 
serial number will preferably contain information such as 
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routing, product name, date, etc. Each serial number is 
processed by two private key encoders, yielding two 
numerical identifiers. One of the numerical identifiers is 
written to the smart card while the serial number and the 
5 second identifier are printed on the label, which will later 

be glued directly to the product or its packaging so as to 
be visible from the outside. The printing chain is also 
equipped with a verifier device (not shown) which checks 
that the various sets of numbers are printed in a 
10 synchronous way. The second numerical identifier allows a 

preliminary check of authenticity, which should enable easy 
identification of the more flagrant counterfeit product 
□ labeling. 

Instead of a serial number, the numerical identifier 
!|n 15 could include a description of the physical appearance of 

the product, the color of the product, a chemical 
decomposition of the product and other descriptions of the 
D product, including digital images of the product. This 

^ information will be contained in block 201 (Figure 3) . 

3 20 Furthermore, the identifier could also be encoded in various 

forms of widely used barcodes . 
?p A smart tag may be a smart card 211 or any other 

^ electronic device which contains memory and/or processing 

and computation circuitry and can operate autonomously and 
25 responds to queries from a verifying or authentication 

device. A more detailed discussion to smart card technology 
and applications can be found in "Smart Cards: a guide to 
building and managing smart card applications," by Henry 
Dreifus and J. Thomas Monk, John Wiley & Sons, 1998, herein 
30 incorporated by reference. 

In case zero -knowledge protocols are used the smart 
card 211 is tamper resistant and/or duplication- resistant . 
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For certain applications, the smart card 211 may be 
programmed to self-destruct (i.e., erases its contents) 
after verification in which case the use of a visible label 
may be dispensed with. Alternatively, it could be kept and 
5 maintained as a title and record of the whole resale history 
of the product to which it is attached. Depending on 
applications, the smart card can contain only authentication 
information showing that the attached goods came from the 
purported manufacturer. For instance, the smart card can 
10 contain authentication information about the manufacturer, 

not the particular goods themselves, in which case the smart 
card is the same for all products by the manufacturer. In 
□ other applications, the smart card can further contain 

j*f specific encrypted information about the attached goods, 

m 15 such as digital images of the goods, a physical or chemical 

IJj description of the goods, unique serial numbers, etc. The 

>j verification procedure can be done using a card reader 215 

'0 equipped with the appropriate public key and zero -knowledge 

protocols to decrypt the identifying information. The card 
O 20 reader 215 may be required to make contact with the card 211 
fjf or, in certain applications where the card 211 is embedded 

*n in the goods, inductive, capacitive or some other type of 

^ contactless coupling may be employed by the reader to read 

the card 211. 

25 Referring to Figure 4, this invention can be used to 

prevent parallel markets from occurring by encoding routing 
information into the serial number or in the coded version 
of it. At the point of sale, the customer can ask to 
authenticate the product, and this verification can only be 

30 done if the routing information is kept intact, and is 

compatible with the actual point of sale. The smart card 
reader which performs this authentication is designed to 
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only function in such circumstances. For example, the 
manufacturer give each merchant the routing information 
encrypted with a private key and the smart card reader can 
only authenticate the product if decrypting the encrypted 
5 routing information with a corresponding public key results 
in a match with the routing information on the product. In 
block 402, the smart card reader obtains the encrypted 
routing information from the merchant and decrypt it using a 
corresponding public key (403) . In decision block 404 the 

10 decrypted routing information is compared with the routing 

information in the smart card. If they do not match, the 
product is not meant to be sold here and the authentication 
fails. If they do match, in decision block 405 the smart 
card is authenticated. If the smart card is not 

15 authenticated, the product fails to be authenticated. If the 

smart card is authenticated, in decision block 406, the 
product information in the smart card is compared with the 
serial number and/or other types of product information. If 
they do not match, the product is not authenticated. If 

20 they do match, the product is authenticated. As an 

additional incentive for the customer to perform such 
verification, one can decide that the warranty on a product 
can only be activated if the product can be authenticated in 
this way at the point of sale. Upon activation, the customer 

25 can choose to obtain a printed version of the warranty. If 
desired, the merchant can write onto a special memory 
section of the smart card the date and other information of 
the purchase. 

While the invention has been described in terms of a 
30 preferred embodiment, those skilled in the art will 

recognize that the invention can be practiced with 
modification within the spirit and scope of the appended 
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